RubyGems - packetgen - Versions diffs - 2.8.7 → 3.0.0 - Mend

packetgen 2.8.7 → 3.0.0

Files changed (89) hide show

checksums.yaml +4 -4
data/.rubocop.yml +0 -1
data/README.md +5 -4
data/lib/packetgen.rb +6 -12
data/lib/packetgen/capture.rb +43 -39
data/lib/packetgen/config.rb +0 -1
data/lib/packetgen/deprecation.rb +1 -1
data/lib/packetgen/header.rb +9 -9
data/lib/packetgen/header/asn1_base.rb +10 -10
data/lib/packetgen/header/base.rb +42 -101
data/lib/packetgen/header/dhcp/option.rb +5 -11
data/lib/packetgen/header/dhcpv6/duid.rb +2 -0
data/lib/packetgen/header/dhcpv6/option.rb +2 -19
data/lib/packetgen/header/dhcpv6/options.rb +7 -0
data/lib/packetgen/header/dns.rb +5 -23
data/lib/packetgen/header/dns/name.rb +1 -0
data/lib/packetgen/header/dns/qdsection.rb +1 -0
data/lib/packetgen/header/dns/question.rb +3 -7
data/lib/packetgen/header/dns/rr.rb +3 -0
data/lib/packetgen/header/dns/rrsection.rb +1 -0
data/lib/packetgen/header/dot11.rb +1 -17
data/lib/packetgen/header/dot1x.rb +1 -0
data/lib/packetgen/header/eap.rb +4 -7
data/lib/packetgen/header/eth.rb +2 -0
data/lib/packetgen/header/http/headers.rb +3 -0
data/lib/packetgen/header/http/request.rb +5 -4
data/lib/packetgen/header/http/response.rb +5 -4
data/lib/packetgen/header/icmp.rb +6 -0
data/lib/packetgen/header/icmpv6.rb +6 -0
data/lib/packetgen/header/igmpv3/mq.rb +2 -0
data/lib/packetgen/header/ip.rb +32 -30
data/lib/packetgen/header/ip/addr.rb +1 -0
data/lib/packetgen/header/ip/option.rb +23 -20
data/lib/packetgen/header/ip/options.rb +11 -24
data/lib/packetgen/header/ipv6.rb +45 -34
data/lib/packetgen/header/ipv6/addr.rb +2 -0
data/lib/packetgen/header/ipv6/hop_by_hop.rb +7 -31
data/lib/packetgen/header/mdns.rb +1 -0
data/lib/packetgen/header/mldv2/mlq.rb +2 -0
data/lib/packetgen/header/ospfv2/lsa.rb +15 -25
data/lib/packetgen/header/ospfv3/ipv6_prefix.rb +1 -1
data/lib/packetgen/header/ospfv3/lsa.rb +8 -25
data/lib/packetgen/header/snmp.rb +2 -0
data/lib/packetgen/header/tcp.rb +23 -2
data/lib/packetgen/header/tcp/option.rb +51 -52
data/lib/packetgen/header/tcp/options.rb +17 -52
data/lib/packetgen/header/tftp.rb +3 -0
data/lib/packetgen/header/udp.rb +8 -0
data/lib/packetgen/packet.rb +119 -102
data/lib/packetgen/pcapng/block.rb +4 -10
data/lib/packetgen/pcapng/epb.rb +4 -4
data/lib/packetgen/pcapng/file.rb +7 -3
data/lib/packetgen/pcapng/idb.rb +2 -2
data/lib/packetgen/pcapng/shb.rb +3 -3
data/lib/packetgen/pcapng/spb.rb +1 -8
data/lib/packetgen/pcapng/unknown_block.rb +0 -7
data/lib/packetgen/types.rb +1 -0
data/lib/packetgen/types/array.rb +73 -71
data/lib/packetgen/types/cstring.rb +1 -1
data/lib/packetgen/types/enum.rb +3 -3
data/lib/packetgen/types/fields.rb +66 -106
data/lib/packetgen/types/int.rb +9 -5
data/lib/packetgen/types/length_from.rb +45 -0
data/lib/packetgen/types/oui.rb +2 -0
data/lib/packetgen/types/string.rb +10 -16
data/lib/packetgen/types/tlv.rb +7 -15
data/lib/packetgen/utils.rb +8 -8
data/lib/packetgen/utils/arp_spoofer.rb +1 -2
data/lib/packetgen/version.rb +1 -1
metadata +3 -21
data/lib/packetgen/header/crypto.rb +0 -62
data/lib/packetgen/header/esp.rb +0 -413
data/lib/packetgen/header/ike.rb +0 -243
data/lib/packetgen/header/ike/auth.rb +0 -165
data/lib/packetgen/header/ike/cert.rb +0 -76
data/lib/packetgen/header/ike/certreq.rb +0 -66
data/lib/packetgen/header/ike/id.rb +0 -99
data/lib/packetgen/header/ike/ke.rb +0 -79
data/lib/packetgen/header/ike/nonce.rb +0 -40
data/lib/packetgen/header/ike/notify.rb +0 -176
data/lib/packetgen/header/ike/payload.rb +0 -315
data/lib/packetgen/header/ike/sa.rb +0 -561
data/lib/packetgen/header/ike/sk.rb +0 -261
data/lib/packetgen/header/ike/ts.rb +0 -270
data/lib/packetgen/header/ike/vendor_id.rb +0 -39
data/lib/packetgen/header/netbios.rb +0 -20
data/lib/packetgen/header/netbios/datagram.rb +0 -105
data/lib/packetgen/header/netbios/name.rb +0 -67
data/lib/packetgen/header/netbios/session.rb +0 -64

data/lib/packetgen/types/int.rb CHANGED Viewed

@@ -38,23 +38,26 @@ module PacketGen
       # @abstract
       # Read an Int from a binary string or an integer
-      # @param [Integer, String] value
+      # @param [Integer, #to_s] value
       # @return [self]
+      # @raise [ParseError] when reading +#to_s+ objects with abstract Int class.
       def read(value)
         @value = if value.is_a?(Integer)
                    value.to_i
-                 else
+                 elsif defined? @packstr
                    value.to_s.unpack(@packstr[@endian]).first
+                 else
+                   raise ParseError, 'Int#read is abstract and cannot read'
                  end
         self
       end
       # @abstract
       # @return [::String]
-      # @raise [StandardError] This is an abstrat method and must be redefined
+      # @raise [ParseError] This is an abstrat method and must be redefined
       def to_s
         unless defined? @packstr
-          raise StandardError, 'PacketGen::Types::Int#to_s is an abstract method'
+          raise ParseError, 'PacketGen::Types::Int#to_s is an abstract method'
         end
         [to_i].pack(@packstr[@endian])
@@ -66,6 +69,7 @@ module PacketGen
         @value || @default
       end
       alias to_human to_i
+      alias from_human value=
       # Convert Int to Float
       # @return [Float]
@@ -76,7 +80,7 @@ module PacketGen
       # Give size in bytes of self
       # @return [Integer]
       def sz
-        to_s.size
+        width
       end
     end

data/lib/packetgen/types/length_from.rb ADDED Viewed

@@ -0,0 +1,45 @@
+# coding: utf-8
+# This file is part of PacketGen
+# See https://github.com/sdaubert/packetgen for more informations
+# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+# frozen_string_literal: true
+module PacketGen
+  module Types
+    # This module is a mixin adding +length_from+ capacity to a type.
+    # +length_from+ capacity is the capacity, for a type, to gets its
+    # length from another object.
+    # @author Sylvain Daubert
+    # @since 3.0.0
+    module LengthFrom
+      # Initialize +length from+ capacity.
+      # Should be call by extensed object's initialize.
+      # @param [Hash] options
+      # @option options [Types::Int,Proc] :length_from object or proc from which
+      #   takes length when reading
+      # @return [void]
+      def initialize_length_from(options)
+        @length_from = options[:length_from]
+      end
+      # Return a substring from +str+ of length given in another object.
+      # @param [#to_s] str
+      # @return [String]
+      def read_with_length_from(str)
+        s = PacketGen.force_binary(str.to_s)
+        str_end = case @length_from
+                  when Types::Int
+                    @length_from.to_i
+                  when Proc
+                    @length_from.call
+                  else
+                    s.size
+                  end
+        str_end = 0 if str_end < 0
+        s[0, str_end]
+      end
+    end
+  end
+end

data/lib/packetgen/types/oui.rb CHANGED Viewed

@@ -29,8 +29,10 @@ module PacketGen
       # @return [OUI] self
       def from_human(str)
         return self if str.nil?
         bytes = str.split(/:/)
         raise ArgumentError, 'not a OUI' unless bytes.size == 3
         self[:b2].read(bytes[0].to_i(16))
         self[:b1].read(bytes[1].to_i(16))
         self[:b0].read(bytes[2].to_i(16))

data/lib/packetgen/types/string.rb CHANGED Viewed

@@ -12,39 +12,33 @@ module PacketGen
     # to be compatible with others {Types}.
     # @author Sylvain Daubert
     class String < ::String
+      include LengthFrom
+      # @return [Integer]
+      attr_reader :static_length
       # @param [Hash] options
       # @option options [Types::Int,Proc] :length_from object or proc from which
       #   takes length when reading
       # @option options [Integer] :static_length set a static length for this string
       def initialize(options={})
         super()
-        @length_from = options[:length_from]
+        initialize_length_from(options)
         @static_length = options[:static_length]
       end
       # @param [::String] str
       # @return [String] self
       def read(str)
-        s = str.to_s
-        str_end = case @length_from
-                  when Types::Int
-                    @length_from.to_i
-                  when Proc
-                    @length_from.call
-                  else
-                    if @static_length.is_a? Integer
-                      @static_length
-                    else
-                      s.size
-                    end
-                  end
-        str_end = 0 if str_end < 0
-        self.replace(s[0, str_end])
+        s = read_with_length_from(str)
+        s = s[0, static_length] if static_length
+        self.replace(s)
         self
       end
       alias sz length
       alias to_human to_s
+      alias from_human read
     end
   end
 end

data/lib/packetgen/types/tlv.rb CHANGED Viewed

@@ -75,6 +75,8 @@ module PacketGen
       # @private
       alias old_type= type=
+      undef type=, value=, value
       # Set type
       # @param [::String,Integer] val
       # @return [Integer]
@@ -86,8 +88,10 @@ module PacketGen
           self.old_type = val
         else
           raise TypeError, 'need an Integer' unless human_types?
           new_val = self.class::TYPES.key(val.to_s)
           raise ArgumentError, "unknown #{val} type" if new_val.nil?
           self.old_type = new_val
         end
       end
@@ -96,27 +100,15 @@ module PacketGen
       # @param [::String,Integer] val
       # @return [::String,Integer]
       def value=(val)
-        if self[:value].respond_to? :from_human
-          self[:value].from_human val
-        elsif self[:value].is_a? Types::Int
-          self[:value].value = val
-        else
-          self.length = val.length if val.is_a? ::String
-          self[:value].read val
-        end
+        self[:value].from_human val
+        self.length = self[:value].sz
         val
       end
       # Get +value+
       # @return [Object] depend on +value+ type
       def value
-        if self[:value].respond_to? :to_human
-          self[:value].to_human
-        elsif self[:value].is_a? Types::Int
-          self[:value].to_i
-        else
-          self[:value]
-        end
+        self[:value].to_human
       end
       # Return human readable type, if TYPES is defined

data/lib/packetgen/utils.rb CHANGED Viewed

@@ -42,6 +42,7 @@ module PacketGen
     # @option options [Integer] :timeout timeout in seconds before stopping
     #   request. Default to 2.
     # @return [String,nil]
+    # @raise [RuntimeError] user don't have permission to capture packets on network device.
     def self.arp(ipaddr, options={})
       unless options[:no_cache]
         local_cache = self.arp_cache
@@ -65,6 +66,7 @@ module PacketGen
       cap_thread.join
       return if capture.packets.empty?
       capture.packets.each do |pkt|
         break pkt.arp.sha.to_s if pkt.arp.spa.to_s == ipaddr
       end
@@ -85,6 +87,7 @@ module PacketGen
     # @option options [String] :iface interface to use. Default to
     #   {PacketGen.default_iface}
     # @return [void]
+    # @raise [RuntimeError] user don't have permission to capture packets on network device.
     def self.arp_spoof(target_ip, spoofed_ip, options={})
       interval = options[:interval] || 1.0
       as = ARPSpoofer.new(timeout: options[:for_seconds], interval: interval,
@@ -119,6 +122,7 @@ module PacketGen
     #     pkt
     #   end
     # @since 2.2.0
+    # @raise [RuntimeError] user don't have permission to capture packets on network device.
     def self.mitm(target1, target2, options={})
       options = { iface: PacketGen.default_iface }.merge(options)
@@ -144,14 +148,10 @@ module PacketGen
         iph = modified_pkt.ip
         l2 = modified_pkt.is?('Dot11') ? modified_pkt.dot11 : modified_pkt.eth
-        if (iph.dst != my_ip) && (iph.src != my_ip)
-          if (iph.src == target1)  || (iph.dst == target2)
-            l2.dst = mac2
-          elsif (iph.src == target2) ||(iph.dst == target1)
-            l2.dst = mac1
-          else
-            next
-          end
+        if (iph.src == target1) || (iph.dst == target2)
+          l2.dst = mac2
+        elsif (iph.src == target2) || (iph.dst == target1)
+          l2.dst = mac1
         else
           next
         end

data/lib/packetgen/utils/arp_spoofer.rb CHANGED Viewed

@@ -5,8 +5,6 @@
 # frozen_string_literal: true
-require 'thread'
 module PacketGen
   module Utils
     # @note This class is provided for test purpose.
@@ -117,6 +115,7 @@ module PacketGen
       # @return [Boolean,nil]
       def active?(target_ip)
         return unless @targets.key?(target_ip)
         @targets[target_ip][:active]
       end

data/lib/packetgen/version.rb CHANGED Viewed

@@ -10,5 +10,5 @@
 # @author Sylvain Daubert
 module PacketGen
   # PacketGen version
-  VERSION = '2.8.7'
+  VERSION = '3.0.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packetgen
 version: !ruby/object:Gem::Version
-  version: 2.8.7
+  version: 3.0.0
 platform: ruby
 authors:
 - Sylvain Daubert
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-18 00:00:00.000000000 Z
+date: 2018-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: interfacez
@@ -153,7 +153,6 @@ files:
 - lib/packetgen/header/asn1_base.rb
 - lib/packetgen/header/base.rb
 - lib/packetgen/header/bootp.rb
-- lib/packetgen/header/crypto.rb
 - lib/packetgen/header/dhcp.rb
 - lib/packetgen/header/dhcp/option.rb
 - lib/packetgen/header/dhcp/options.rb
@@ -183,7 +182,6 @@ files:
 - lib/packetgen/header/eap/md5.rb
 - lib/packetgen/header/eap/tls.rb
 - lib/packetgen/header/eap/ttls.rb
-- lib/packetgen/header/esp.rb
 - lib/packetgen/header/eth.rb
 - lib/packetgen/header/gre.rb
 - lib/packetgen/header/http.rb
@@ -198,19 +196,6 @@ files:
 - lib/packetgen/header/igmpv3/group_record.rb
 - lib/packetgen/header/igmpv3/mq.rb
 - lib/packetgen/header/igmpv3/mr.rb
-- lib/packetgen/header/ike.rb
-- lib/packetgen/header/ike/auth.rb
-- lib/packetgen/header/ike/cert.rb
-- lib/packetgen/header/ike/certreq.rb
-- lib/packetgen/header/ike/id.rb
-- lib/packetgen/header/ike/ke.rb
-- lib/packetgen/header/ike/nonce.rb
-- lib/packetgen/header/ike/notify.rb
-- lib/packetgen/header/ike/payload.rb
-- lib/packetgen/header/ike/sa.rb
-- lib/packetgen/header/ike/sk.rb
-- lib/packetgen/header/ike/ts.rb
-- lib/packetgen/header/ike/vendor_id.rb
 - lib/packetgen/header/ip.rb
 - lib/packetgen/header/ip/addr.rb
 - lib/packetgen/header/ip/option.rb
@@ -226,10 +211,6 @@ files:
 - lib/packetgen/header/mldv2/mcast_address_record.rb
 - lib/packetgen/header/mldv2/mlq.rb
 - lib/packetgen/header/mldv2/mlr.rb
-- lib/packetgen/header/netbios.rb
-- lib/packetgen/header/netbios/datagram.rb
-- lib/packetgen/header/netbios/name.rb
-- lib/packetgen/header/netbios/session.rb
 - lib/packetgen/header/ospfv2.rb
 - lib/packetgen/header/ospfv2/db_description.rb
 - lib/packetgen/header/ospfv2/hello.rb
@@ -271,6 +252,7 @@ files:
 - lib/packetgen/types/fields.rb
 - lib/packetgen/types/int.rb
 - lib/packetgen/types/int_string.rb
+- lib/packetgen/types/length_from.rb
 - lib/packetgen/types/oui.rb
 - lib/packetgen/types/string.rb
 - lib/packetgen/types/tlv.rb

data/lib/packetgen/header/crypto.rb DELETED Viewed

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-module PacketGen
-  module Header
-    # Mixin for cryptographic classes
-    # @api private
-    # @author Sylvain Daubert
-    module Crypto
-      # Cryptographic error
-      class Error < PacketGen::Error; end
-      # Register cryptographic modes
-      # @param [OpenSSL::Cipher] conf
-      # @param [OpenSSL::HMAC] intg
-      # @return [void]
-      def set_crypto(conf, intg)
-        @conf = conf
-        @intg = intg
-        return unless conf.authenticated?
-        # #auth_tag_len only supported from ruby 2.4.0
-        @conf.auth_tag_len = @trunc if @conf.respond_to? :auth_tag_len
-      end
-      # Get confidentiality mode name
-      # @return [String]
-      def confidentiality_mode
-        mode = @conf.name.match(/-([^-]*)$/)[1]
-        raise Error, 'unknown cipher mode' if mode.nil?
-        mode.downcase
-      end
-      # Say if crypto modes permit authentication
-      # @return [Boolean]
-      def authenticated?
-        @conf.authenticated? || !@intg.nil?
-      end
-      def authenticate!
-        @conf.final
-        if @intg
-          @intg.update @esn.to_s if @esn
-          @intg.digest[0, @icv_length] == @icv
-        else
-          true
-        end
-      rescue OpenSSL::Cipher::CipherError
-        false
-      end
-      def encipher(data)
-        enciphered_data = @conf.update(data)
-        @intg.update(enciphered_data) if @intg
-        enciphered_data
-      end
-      def decipher(data)
-        @intg.update(data) if @intg
-        @conf.update(data)
-      end
-    end
-  end
-end

data/lib/packetgen/header/esp.rb DELETED Viewed

@@ -1,413 +0,0 @@
-# This file is part of PacketGen
-# See https://github.com/sdaubert/packetgen for more informations
-# Copyright (C) 2016 Sylvain Daubert <sylvain.daubert@laposte.net>
-# This program is published under MIT license.
-# frozen_string_literal: true
-module PacketGen
-  module Header
-    # A ESP header consists of:
-    # * a Security Parameters Index (#{spi}, {Types::Int32} type),
-    # * a Sequence Number ({#sn}, +Int32+ type),
-    # * a {#body} (variable length),
-    # * an optional TFC padding ({#tfc}, variable length),
-    # * an optional {#padding} (to align ESP on 32-bit boundary, variable length),
-    # * a {#pad_length} ({Types::Int8}),
-    # * a Next header field ({#next}, +Int8+),
-    # * and an optional Integrity Check Value ({#icv}, variable length).
-    #
-    # == Create an ESP header
-    #  # standalone
-    #  esp = PacketGen::Header::ESP.new
-    #  # in a packet
-    #  pkt = PacketGen.gen('IP').add('ESP')
-    #  # access to ESP header
-    #  pkt.esp   # => PacketGen::Header::ESP
-    #
-    # == Examples
-    # === Create an enciphered UDP packet (ESP transport mode), using CBC mode
-    #  icmp = PacketGen.gen('IP', src: '192.168.1.1', dst: '192.168.2.1').
-    #                   add('ESP', spi: 0xff456e01, sn: 12345678).
-    #                   add('UDP', dport: 4567, sport: 45362, body 'abcdef')
-    #  cipher = OpenSSL::Cipher.new('aes-128-cbc')
-    #  cipher.encrypt
-    #  cipher.key = 16bytes_key
-    #  iv = 16bytes_iv
-    #  esp.esp.encrypt! cipher, iv
-    #
-    # === Create a ESP packet tunneling a UDP one, using GCM combined mode
-    #  # create inner UDP packet
-    #  icmp = PacketGen.gen('IP', src: '192.168.1.1', dst: '192.168.2.1').
-    #                   add('UDP', dport: 4567, sport: 45362, body 'abcdef')
-    #
-    #  # create outer ESP packet
-    #  esp = PacketGen.gen('IP', src '198.76.54.32', dst: '1.2.3.4').add('ESP')
-    #  esp.esp.spi = 0x87654321
-    #  esp.esp.sn  = 0x123
-    #  esp.esp.icv_length = 16
-    #  # encapsulate ICMP packet in ESP one
-    #  esp.encapsulate icmp
-    #
-    #  # encrypt ESP payload
-    #  cipher = OpenSSL::Cipher.new('aes-128-gcm')
-    #  cipher.encrypt
-    #  cipher.key = 16bytes_key
-    #  iv = 8bytes_iv
-    #  esp.esp.encrypt! cipher, iv, salt: 4bytes_gcm_salt
-    #
-    # === Decrypt a ESP packet using CBC mode and HMAC-SHA-256
-    #  cipher = OpenSSL::Cipher.new('aes-128-cbc')
-    #  cipher.decrypt
-    #  cipher.key = 16bytes_key
-    #
-    #  hmac = OpenSSL::HMAC.new(hmac_key, OpenSSL::Digest::SHA256.new)
-    #
-    #  pkt.esp.decrypt! cipher, intmode: hmac    # => true if ICV check OK
-    # @author Sylvain Daubert
-    # @since 1.2.0
-    class ESP < Base
-      include Crypto
-      # IP protocol number for ESP
-      IP_PROTOCOL = 50
-      # Well-known UDP port for ESP
-      UDP_PORT = 4500
-      # @!attribute spi
-      #  32-bit Security Parameter Index
-      #  @return [Integer]
-      define_field :spi, Types::Int32
-      # @!attribute sn
-      #  32-bit Sequence Number
-      #  @return [Integer]
-      define_field :sn, Types::Int32
-      # @!attribute body
-      #  @return [Types::String,Header::Base]
-      define_field :body, Types::String
-      # @!attribute tfc
-      #  Traffic Flow Confidentiality padding
-      #  @return [Types::String,Header::Base]
-      define_field :tfc, Types::String
-      # @!attribute padding
-      #  ESP padding
-      #  @return [Types::String,Header::Base]
-      define_field :padding, Types::String
-      # @!attribute pad_length
-      #  8-bit padding length
-      #  @return [Integer]
-      define_field :pad_length, Types::Int8
-      # @!attribute next
-      #  8-bit next protocol value
-      #  @return [Integer]
-      define_field :next, Types::Int8
-      # @!attribute icv
-      #  Integrity Check Value
-      #  @return [Types::String,Header::Base]
-      define_field :icv, Types::String
-      # ICV (Integrity Check Value) length
-      # @return [Integer]
-      attr_accessor :icv_length
-      # @param [Hash] options
-      # @option options [Integer] :icv_length ICV length
-      # @option options [Integer] :spi Security Parameters Index
-      # @option options [Integer] :sn Sequence Number
-      # @option options [::String] :body ESP payload data
-      # @option options [::String] :tfc Traffic Flow Confidentiality, random padding
-      #    up to MTU
-      # @option options [::String] :padding ESP padding to align ESP on 32-bit
-      #    boundary
-      # @option options [Integer] :pad_length padding length
-      # @option options [Integer] :next Next Header field
-      # @option options [::String] :icv Integrity Check Value
-      def initialize(options={})
-        @icv_length = options[:icv_length] || 0
-        super
-      end
-      # Read a ESP packet from string.
-      #
-      # {#padding} and {#tfc} are not set as they are enciphered (impossible
-      # to guess their respective size). {#pad_length} and {#next} are also
-      # enciphered.
-      # @param [String] str
-      # @return [self]
-      def read(str)
-        return self if str.nil?
-        force_binary str
-        self[:spi].read str[0, 4]
-        self[:sn].read str[4, 4]
-        self[:body].read str[8...-@icv_length - 2]
-        self[:tfc].read ''
-        self[:padding].read ''
-        self[:pad_length].read str[-@icv_length - 2, 1]
-        self[:next].read str[-@icv_length - 1, 1]
-        self[:icv].read str[-@icv_length, @icv_length] if @icv_length
-        self
-      end
-      # Encrypt in-place ESP payload and trailer.
-      #
-      # This method removes all data from +tfc+ and +padding+ fields, as their
-      # enciphered values are concatenated into +body+.
-      #
-      # It also removes headers under ESP from packet, as they are enciphered in
-      # ESP body, and then are no more accessible.
-      # @param [OpenSSL::Cipher] cipher keyed cipher.
-      #   This cipher is confidentiality-only one, or AEAD one. To use a second
-      #   cipher to add integrity, use +:intmode+ option.
-      # @param [String] iv full IV for encryption
-      #  * CTR and GCM modes: +iv+ is 8-bytes long.
-      # @param [Hash] options
-      # @option options [String] :salt salt value for CTR and GCM modes
-      # @option options [Boolean] :tfc
-      # @option options [Fixnum] :tfc_size ESP body size used for TFC
-      #   (default 1444, max size for a tunneled IPv4/ESP packet).
-      #   This is the maximum size for ESP packet (without IP header
-      #   nor Eth one).
-      # @option options [Fixnum] :esn 32 high-orber bits of ESN
-      # @option options [Fixnum] :pad_length set a padding length
-      # @option options [String] :padding set a padding. No check with
-      #   +:pad_length+ is made. If +:pad_length+ is not set, +:padding+
-      #   length is shortened to correct padding length
-      # @option options [OpenSSL::HMAC] :intmode integrity mode to use with a
-      #   confidentiality-only cipher. Only HMAC are supported.
-      # @return [self]
-      def encrypt!(cipher, iv, options={})
-        opt = { salt: '', tfc_size: 1444 }.merge(options)
-        set_crypto cipher, opt[:intmode]
-        real_iv = force_binary(opt[:salt]) + force_binary(iv)
-        real_iv += [1].pack('N') if confidentiality_mode == 'ctr'
-        cipher.iv = real_iv
-        authenticate_esp_header_if_needed options, iv
-        case confidentiality_mode
-        when 'cbc'
-          cipher_len = self.body.sz + 2
-          self.pad_length = (16 - (cipher_len % 16)) % 16
-        else
-          mod4 = to_s.size % 4
-          self.pad_length = 4 - mod4 if mod4 > 0
-        end
-        if opt[:pad_length]
-          self.pad_length = opt[:pad_length]
-          padding = force_binary(opt[:padding] || (1..self.pad_length).to_a.pack('C*'))
-          self[:padding].read padding
-        else
-          padding = force_binary(opt[:padding] || (1..self.pad_length).to_a.pack('C*'))
-          self[:padding].read padding[0...self.pad_length]
-        end
-        tfc = ''
-        if opt[:tfc]
-          tfc_size = opt[:tfc_size] - body.sz
-          if tfc_size > 0
-            tfc_size = case confidentiality_mode
-                       when 'cbc'
-                         (tfc_size / 16) * 16
-                       else
-                         (tfc_size / 4) * 4
-                       end
-            tfc = force_binary("\0" * tfc_size)
-          end
-        end
-        msg = self.body.to_s + tfc
-        msg += self[:padding].to_s + self[:pad_length].to_s + self[:next].to_s
-        enc_msg = encipher(msg)
-        # as padding is used to pad for CBC mode, this is unused
-        cipher.final
-        self[:body] = Types::String.new.read(iv) << enc_msg[0..-3]
-        self[:pad_length].read enc_msg[-2]
-        self[:next].read enc_msg[-1]
-        # reset padding field as it has no sense in encrypted ESP
-        self[:padding].read ''
-        set_esp_icv_if_needed
-        # Remove enciphered headers from packet
-        id = header_id(self)
-        if id < packet.headers.size - 1
-          (packet.headers.size - 1).downto(id + 1) do |index|
-            packet.headers.delete_at index
-          end
-        end
-        self
-      end
-      # Decrypt in-place ESP payload and trailer.
-      # @param [OpenSSL::Cipher] cipher keyed cipher
-      #   This cipher is confidentiality-only one, or AEAD one. To use a second
-      #   cipher to add integrity, use +:intmode+ option.
-      # @param [Hash] options
-      # @option options [Boolean] :parse parse deciphered payload to retrieve
-      #   headers (default: +true+)
-      # @option options [Fixnum] :icv_length ICV length for captured packets,
-      #   or read from PCapNG files
-      # @option options [String] :salt salt value for CTR and GCM modes
-      # @option options [Fixnum] :esn 32 high-orber bits of ESN
-      # @option options [OpenSSL::HMAC] :intmode integrity mode to use with a
-      #   confidentiality-only cipher. Only HMAC are supported.
-      # @return [Boolean] +true+ if ESP packet is authenticated
-      def decrypt!(cipher, options={})
-        opt = { salt: '', parse: true }.merge(options)
-        set_crypto cipher, opt[:intmode]
-        case confidentiality_mode
-        when 'gcm'
-          iv = self.body.slice!(0, 8)
-          real_iv = opt[:salt] + iv
-        when 'cbc'
-          cipher.padding = 0
-          real_iv = iv = self.body.slice!(0, 16)
-        when 'ctr'
-          iv = self.body.slice!(0, 8)
-          real_iv = opt[:salt] + iv + [1].pack('N')
-        else
-          real_iv = iv = self.body.slice!(0, 16)
-        end
-        cipher.iv = real_iv
-        if authenticated? && (@icv_length.zero? || opt[:icv_length])
-          raise ParseError, 'unknown ICV size' unless opt[:icv_length]
-          @icv_length = opt[:icv_length].to_i
-          # reread ESP to handle new ICV size
-          msg = self.body.to_s + self[:pad_length].to_s
-          msg += self[:next].to_s
-          self[:icv].read msg.slice!(-@icv_length, @icv_length)
-          self[:body].read msg[0..-3]
-          self[:pad_length].read msg[-2]
-          self[:next].read msg[-1]
-        end
-        authenticate_esp_header_if_needed options, iv, self[:icv]
-        private_decrypt opt
-      end
-      private
-      def get_auth_data(opt)
-        ad = self[:spi].to_s
-        if opt[:esn]
-          @esn = Types::Int32.new(opt[:esn])
-          ad << @esn.to_s if @conf.authenticated?
-        end
-        ad << self[:sn].to_s
-      end
-      def authenticate_esp_header_if_needed(opt, iv, icv=nil)
-        if @conf.authenticated?
-          @conf.auth_tag = icv if icv
-          @conf.auth_data = get_auth_data(opt)
-        elsif @intg
-          @intg.reset
-          @intg.update get_auth_data(opt)
-          @intg.update iv
-          @icv = icv
-        else
-          @icv = nil
-        end
-      end
-      def set_esp_icv_if_needed
-        return unless authenticated?
-        if @conf.authenticated?
-          self[:icv].read @conf.auth_tag[0, @icv_length]
-        else
-          self[:icv].read @intg.digest[0, @icv_length]
-        end
-      end
-      def private_decrypt(options)
-        # decrypt
-        msg = self.body.to_s
-        msg += self[:padding].to_s + self[:pad_length].to_s + self[:next].to_s
-        plain_msg = decipher(msg)
-        # check authentication tag
-        if authenticated?
-          return false unless authenticate!
-        end
-        # Set ESP fields
-        self[:body].read plain_msg[0..-3]
-        self[:pad_length].read plain_msg[-2]
-        self[:next].read plain_msg[-1]
-        # Set padding
-        if self.pad_length > 0
-          len = self.pad_length
-          self[:padding].read self.body.slice!(-len, len)
-        end
-        # Set TFC padding
-        encap_length = 0
-        pkt = nil
-        case self.next
-        when 4   # IPv4
-          pkt = Packet.parse(body, first_header: 'IP')
-          encap_length = pkt.ip.length
-        when 41  # IPv6
-          pkt = Packet.parse(body, first_header: 'IPv6')
-          encap_length = pkt.ipv6.length + pkt.ipv6.sz
-        when ICMP::IP_PROTOCOL
-          pkt = Packet.parse(body, first_header: 'ICMP')
-          # no size field. cannot recover TFC padding
-          encap_length = body.sz
-        when UDP::IP_PROTOCOL
-          pkt = Packet.parse(body, first_header: 'UDP')
-          encap_length = pkt.udp.length
-        when TCP::IP_PROTOCOL
-          # No length in TCP header, so TFC may not be used.
-          # Or underlayer protocol should have a size information...
-          pkt = Packet.parse(body, first_header: 'TCP')
-          encap_length = pkt.sz
-        when ICMPv6::IP_PROTOCOL
-          pkt = Packet.parse(body, first_header: 'ICMPv6')
-          # no size field. cannot recover TFC padding
-          encap_length = body.sz
-        else
-          # Unmanaged encapsulated protocol
-          encap_length = body.sz
-        end
-        if encap_length < body.sz
-          tfc_len = body.sz - encap_length
-          self[:tfc].read self.body.slice!(encap_length, tfc_len)
-        end
-        if options[:parse]
-          packet.encapsulate pkt unless pkt.nil?
-        end
-        true
-      end
-    end
-    self.add_class ESP
-    IP.bind ESP, protocol: ESP::IP_PROTOCOL
-    IPv6.bind ESP, next: ESP::IP_PROTOCOL
-    UDP.bind ESP, procs: [->(f) { f.dport = f.sport = ESP::UDP_PORT },
-                          ->(f) { (f.dport == ESP::UDP_PORT ||
-                                     f.sport == ESP::UDP_PORT) &&
-                                   Types::Int32.new.read(f.body[0..3]).to_i > 0 }]
-    ESP.bind IP, next: 4
-    ESP.bind IPv6, next: 41
-    ESP.bind TCP, next: TCP::IP_PROTOCOL
-    ESP.bind UDP, next: TCP::IP_PROTOCOL
-    ESP.bind ICMP, next: ICMP::IP_PROTOCOL
-    ESP.bind ICMPv6, next: ICMPv6::IP_PROTOCOL
-  end
-end